made post work with dropzone.js

[killerham]

Some CORS headers were missing for use with dropzone.js post functionality when using presigned post.

[seichner]

@killerham we ran into the same problem some weeks ago: this is better solved by using an updated dropzonejs so that you can disable these headers. @phoet fixed this in dropzone/dropzone@441bb4c, it's already in dropzone stable. Just needs a new release with compiled files.

[phoet]

i'm not super familiar with the s3 bucket configuration, but AFAIK you can set the allowed headers etc yourself: http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html

so it would be good to either be less restrictive (allow * for all the things) or make those options configurable. same is true for content-type.

[pickhardt]

I think changing it to "*" would be best. @killerham Hamed, what do you think?

[killerham]

Making it * would be easier I think

[korya]

+1 for '*' in allowed headers. I need to support multi-part uploads using evaporate-js. The latter relies on 'x-amz-content-sha256' header.

Update: evaporate-js uses 3 headers: Content-MD5, X-AMZ-Content-SHA256 and X-AMZ-Date.
Additionally, Chrome Canaray does not support today a wildcard '*' in 'Access-Control-Allow-Headers', so I had to list all the headers manually.